The New GDPR of the European Union – Privacy in the Industry 4.0
It seems like only yesterday that the two year phase of adapting to the new General Data Protection Regulation (GDPR) has started. But no, the time things get serious is coming closer and closer quickly. The 25th of May 2018 is the day that all data protection arrangements in companies have to be changed accordingly. It does not only affect European businesses, but every company or enterprise that processes personal data of European citizens.
No matter if you and your company are right at the beginning of the adjustments to the new privacy regulations or you are already in the middle of it: This article will help you figure out and focus on which changes are relevant for you. We take a closer look at the GDPR and bring clarity to the jungle of paragraphs. After all, the official text contains 88 pages and, therefore, is more than four times longer than its predecessor, the Directive 95/46/EC. But most important: We want to show you, why the adjustment phase to the GDPR is a great opportunity for the future of your company. This is the perfect moment to lead your business into the Industry 4.0.
This article provides a short overview of the content of the GDPR. For a more detailed account, we offer a free whitepaper at the end of this article for you to download. It contains additional information about data protection officers and internal documentation, as well as risk management and penalties. Furthermore we will make clear what the GDPR means for the Industry 4.0.
I. What you need to know about the EU General Data Protection Regulation
The principles of the GDPR
The general principles of processing personal data require that it is processed transparently. The purpose of processing has to be clear and legitimate. The amount of processed data has to be kept to a minimum, depending on the purpose. The data has to be accurate and the storage time has to be limited to a period that is bound to the purpose. Additionally, integrity and confidentiality of the data have to be protected. In short:
- Lawfulness, transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality
Rights of the data subject – how your company has to handle data
With the new GDPR it becomes more important to inform the customer, or the person whose data you process, about what happens to their data. What you have to be aware of is summed up in the following points:
- The right to disclosure of the subject
- Right to erasure: The ‘right to be forgotten’
- Right to restriction of processing
- Right to data portability
- Right to object
One important step towards GDPR compliance: Encryption
The responsibility to comply with the GDPR lies with companies that process personal data. They have to implement
appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation. (GDPR, p. 47)
Examples of these technical and organisational measures (TOM’s) are pseudonymisation or encryption. And encryption is not just the most important measure mentioned in the GDPR because it protects personal data appropriately. One of encryption’s central advantages is the fact that it helps deal with the new obligation to notify subjects in case there is a personal data breach. With proper encryption in place, companies do NOT have to notify their users, because the data is protected accordingly (GDPR Art. 34, page 53).
The communication to the data subject referred to in paragraph 1 shall not be required if ... the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption.
You will find more detailled information about what is new with the GDPR in the whitepaper at the end of the page.
II. A historical moment – Privacy in the industry 4.0
The new GDPR is a chance for your company. There is a tremendous change taking place, summarized under the term Industry 4.0. Companies have to adjust their data privacy arrangements in the next two years some way or another. This is why now is the perfect moment for innovation in your company, for pushing modernization and digitalization. The new GDPR is nothing but a reaction to a steadily advancing, structural change. Whether the regulation goes far enough and is suitable for future technical advance, will show.
The cloud brings flexibility as the model of the future
A important challenge that companies are facing is the rapid change of data storage, data management, workflows and teamwork. New technical possibilities simplify internal as well as external communication. Larger and larger amounts of data have to be processed by companies, technical innovations hit the market faster and faster. The intervals in which you have to update software and hardware, or get new work equipment, are getting shorter and shorter.
The cloud is the buzz word of the Industry 4.0, because it is the modern solution for teamwork and data storage. Once the cloud is set up, it brings peace and flexibility to the short life span of technical devices. Not you, but your cloud provider takes care of the software and hardware being up-to-date. Additional encryption takes care of data privacy and GDPR compliance.
Many businesses still shy away from the cloud, mostly for reasons of privacy and concerns about compliance and data security. But cloud security is possible, since cloud providers respond to the doubts and fears of their potential customers and external cloud security solutions specialize in managing cloud risks. Leading cloud providers, such as Dropbox, OneDrive, and Amazon offer the possibility to store data in the country you prefer. Dropbox has a technology partner program with official software solutions that respond to the needs of their customers.
With simple arrangements – because of the GDPR you have to evaluate and make arrangements for privacy anyway – data privacy in the cloud, compliant with the GDPR, is no problem.
Obtenga nuestro documento técnico exclusivo y gratuito sobre la GDPR
Un documento técnico con una visión general de la GDPR: Recopilamos la información más importante para ayudarlo a tener en cuenta lo que es importante con respecto a la GDPR. ¿Su negocio está listo para asumir la Industria 4.0 y desea aprovechar las oportunidades que brinda la GDPR? Entonces obtenga nuestro documento técnico exclusivo y gratuito ahora.
Al ingresar mi dirección de correo electrónico, acepto que Secomba GmbH me envíe información por correo electrónico. Puedo revocar este acuerdo en cualquier momento.